Archive-name: net-anonymity/part1
Last-modified: 1994/5/9
Version: 1.0
(c) Copyright 1994 L. Detweiler. Not for commercial use except by
permission from author, otherwise may be freely copied. Not to be
altered. Please credit if quoted.
ANONYMITY on the INTERNET
=========================
Compiled by L. Detweiler .
Anonymizing
-----------
<1.1> What are some known anonymous remailing and posting sites?
<1.2> What are the responsibilities associated with anonymity?
<1.3> How do I `kill' anonymous postings?
<1.4> How is anonymous `whistleblowing' being explored?
<1.5> Why is anonymity such a problem?
<1.6> What is the history behind anonymous servers?
History
-------
<2.1> What happened with the Kleinpaste anonymous server?
<2.2> What happened with the Clunie anonymous server?
<2.3> What happened with the Helsingius server (hiatus, shutdown)?
<2.4> What is the ``Helsingius-Kleinpaste Conflict''?
<2.5> What did the (in)famous Helsingius user an8785 do (pre-Depew)?
<2.6> What happened between (in)famous user an8785 and R. Depew?
<2.7> What was the Depew-ARMM Censorship Incident?
<2.8> What was the Second Depew-ARMM Fiasco?
<2.9> What was Richard Depew's inspiration for ARMM?
* * *
ANONYMIZING
===========
_____
<1.1> What are some known anonymous remailing and posting sites?
Currently the most stable of anonymous remailing and posting sites
is anon.penet.fi operated by julf@penet.fi for several months, who
has system adminstrator privileges and owns the equipment.
Including anonymized mail, Usenet posting, and return addresses
(no encryption). Send mail to help@anon.penet.fi for information.
Hal Finney has contributed an instruction manual for the cypherpunk
remailers on the ftp site soda.berkeley.edu (128.32.149.19):
pub/cypherpunks/hal's.instructions. See also scripts.tar.Z (UNIX
scripts to aid remailer use) and anonmail.arj (MSDOS batch files to
aid remailer use).
Standard cypherpunk remailers allow unlimited chaining by including
`::' characters in the message to denote nested headers. The
intermediate host strips this from the message body and uses fields
(particularly the to: destination) in the new message header. See
the Finney manual for more information.
ebrandt@jarthur.claremont.edu
-----------------------------
Anonymized mail. Request information from above address.
elee7h5@rosebud.ee.uh.edu
-------------------------
Experimental anonymous remailer run Karl Barrus
, with encryption to the server. Request
information from that address.
hal@alumni.caltech.edu
----------------------
Experimental remailer with encryption to server and return
addresses. Request information from above address.
hh@soda.berkeley.edu
hh@cicada.berkeley.edu
hh@pmantis.berkeley.edu
----------------------
Experimental remailer. Include header `Request-Remailing-To'.
nowhere@bsu-cs.bsu.edu
----------------------
Experimental remailer allowing indefinite levels of chaining. Run
by Chael Hall. Request information from above address.
phantom@mead.u.washington.edu
-----------------------------
Experimental remailer with encryption to server. `finger' site
address for information.
Notes
=====
- Cypherpunk remailers tend to be unstable because they are often
running without site administrator knowledge. Liability issues
are wholly unresolved. Generally don't support return addresses.
- So far, all encryption is based on public-key cryptography and PGP
software (see the question on cryptography).
- Encryption aspects (message text, destination address, replies)
vary between sites.
- Multiple chaining, alias unlinking, and address encryption are
mostly untested, problematic, or unsupported at this time.
_____
<1.2> What are the responsibilities associated with anonymity?
Users
-----
- Use anonymity only if you have to. Frivolous uses weaken the
seriousness and usefulness of the capability for others.
- Do not use anonymity to provoke, harass, or threaten others.
- Do not hide behind anonymity to evade established conventions on
Usenet, such as posting binary pictures to regular newsgroups.
- If posting large files, be attentive to bandwidth considerations.
Remember, simply sending the posting to the service increases
network traffic.
- Avoid posting anonymously to the regular hierarchy of Usenet; this
is the mostly likely place to alienate readers. The `alt'
hierarchy is preferred.
- Give as much information as possible in the posting (i.e.
references, etc.) Remember that content is the only means for
readers to judge the truth of the message, and that any
inaccuracies will tend to discredit the entire message and even
future ones under the same handle.
- Be careful not to include information that will reveal your
identity or enable someone to deduce it. Test the system by
sending anonymized mail to yourself.
- Be aware of the policies of the anonymous site and respect them.
Be prepared to forfeit your anonymity if you abuse the privilege.
Be careful that you can trust the system operator.
- Be considerate and respectful of other's objections to anonymity.
- ``Hit-and-run'' anonymity should be used with utmost reservation.
Use services that provide anonymous return addresses instead.
- Be courteous to the system operator, who may have invested large
amounts of time, be personally risking his account, or dedicating
his hardware, all for your convenience.
Operators
---------
- Document thoroughly acceptable and unacceptable uses in an
introductory file that is sent to new users. Have a coherent and
consistent policy and stick to it. State clearly what logging and
monitoring is occurring. Describe your background, interest, and
security measures. Will the general approach be totalitarian or
lassaiz-faire?
- Formulate a plan for problematic ethical situations and anticipate
potentially intense moral quandaries and dilemmas. What if a user
is blackmailing someone through your service? What if a user
posts suicidal messages through your service? Remember, your
users trust you and use your service to protect their identities.
- In the site introductory note, give clear examples of situations
where you will take action and what these actions will be (e.g.
warn the user, limit anonymity to email or posting only, revoke
the account, 'out' the user, contact local administrator, etc.)
- Describe exactly the limitations of the software and hardware.
Address the bandwidth limitations of your site. Report candidly
and thoroughly all bugs that have occurred. Work closely with
users to isolate and fix bugs. Address all bugs noted below under
``(in)stability of anonymity''.
- Document the stability of the site---how long has it been running?
What compromises have occured? Why are you running it? What is
your commitment to it?
- Include a disclaimer in outgoing mail and messages. Include an
address for complaints, ideally appended to every outgoing item.
Consult a lawyer about your liability.
- Be committed to the long-term stability of the site. Be prepared
to deal with complaints and `hate mail' addressed to you. If you
do not own the hardware the system runs on or are not the system
adminstrator, consult those who do and are.
- Be considerate of providing anonymity to various groups. If
possible, query group readers.
- Keep a uniformity and simplicity of style in outgoing message
format that can be screened effectively by kill files. Ensure
the key text `Anon' is somewhere in every header.
- Take precautions to ensure the security of the server from
physical and network-based attacks and infiltrations.
Readers
-------
- Do not complain, attack, or discredit a poster for the sole reason
that he is posting anonymously, make blanket condemnations that
equate anonymity with cowardice and criminality, or assail
anonymous traffic in general for mostly neutral reasons (e.g. its
volume is heavy or increasing).
- React to the anonymous information unemotionally. Abusive posters
will be encouraged further if they get irrationally irate
responses. Sometimes the most effective response is silence.
- Notify operators if very severe abuses occur, such as piracy,
harassment, extortion, etc.
- Do not complain about postings being inappropriate because they
offend you personally.
- Use kill files to screen anonymous postings if you object to the
idea of anonymity itself.
- Avoid the temptation to proclaim that all anonymous postings
should be barred from particular groups because no `possible' or
`conceivable' need exists.
References
----------
See e.g. ftp.eff.org:/pub/academic/anonymity:
> This article is an excerpt from an issue of FIDONEWS on individual
> privacy and the use of handles. It accepts the need of a system
> operator to know the name of a user; but suggests that the use of
> a handle is analogous to a request to withhold the name in a
> letter to the editor. The article concludes with a set of
> guidelines for preserving the right to be anonymous.
_____
<1.3> How do I `kill' anonymous postings?
James Thomas Green :
> Try putting this in your kill file:
>
> /Anon/h:j
> /Anonymous/h:j
>
> This will search the headers of the messages and kill any that
> contain `Anon' or `Anonymous' in them. Not perfect and won't
> kill followups.
Note that anonymous server operators have the capability to mask
anonymous postings under which the above method will not work; so
far this practice is not widespread, but it may become more common
as a countermeasure to widespread anonymous filtering.
_____
<1.4> How is anonymous `whistleblowing' being explored?
Recently the idea of a newsgroup devoted to `whistleblowing' or
exposing government and commercial abuses has received wide and
focused attention, and group formation is currently underway. In
the basic scenario the group would allow people to post
pseudonymously using remailers, and even establish reputations
based on their authentifiable digital signatures. The traffic may
eventually reach reporters in the mainstream news media.
deltorto@aol.com has volunteered to attack multiple aspects of this
project, including distributing easy-to-read documentation on
posting, anonymization, and encryption.
A visible trend in the government initiated by the Clinton
administration is encouraging many aspects of an `electronic
democracy' or `modemocracy'. See ``White House lets you turn on
your PC, tune in to politics,'' March 18 1993 New York Times.
_____
<1.5> Why is anonymity such a problem?
Anonymity so far has tended to further polarize existing
distinctions in existing Usenet traffic. For example, serious uses
such as sexual abuse counseling in newsgroups have increased. One
psychotherapist reportedly objected to restrictions on anonymity
because he was in the process of exploring it as a theurapeutic
tool for his patients, and criticized people seeking restrictions
on its availability. Many previously obscure aspects of Usenet and
the internet have come under sharp scrutiny with the introduction
of new capabilities for anonymity.
Harrassment & Censorship
------------------------
Frivolous and harassing cases have increased with the introduction
of widespread and accessable anonymity. Usenet readers seem to
become most agitated and enraged when people use these services to
post messages aimed at insulting or offending specifically the
members of groups where they are posted. For example, a poster
might describe ways of attacking cats on the cat-lovers group.
(note however that these messages appeared long before the services
through forging, but the servers tend to make it easier and almost
encourage it). These instances tend to live on in the memories of
the readers long after the original poster has been silenced from
complaints (either simply leaving or being censored by local
administrators in response to negative email). In this way, the
services are particularly attractive to `sociopaths'. Perhaps
somewhat unexpectedly, the most vocal public opposition is against
anonymous posting, and anonymous remailing has generally avoided
much controversy to date.
Foreign Sites
-------------
Although every global anonymous posting site to date has come under
extremely severe fire from hordes of network administrators, i.e.
enough to shut them down (semi-) permanently, still the longest
running one (anon.penet.fi, located in Finland) is foreign, a
situation which D. Clunie notes as particularly ironic in that
foreign countries appear to be embracing a medium for freedom of
speech more enthusiastically than and contrary to the general
conservatism and opposition at U.S. sites. Another oft-noted irony
(or to some, hypocrisy) arises with people who complain about news
posters and anonymous sites, who generally prefer to do so `behind
the scenes'; i.e. anonymously. In fact, the death of major sites
(e.g. the Clunie and Helsingius servers) has left the operators
concealing the identities of their attackers.
Intrinsic Popularity
--------------------
The existence and popularity of anonymous servers suggest they are
filling a definite vacuum. Future news software may incorporate
some of their mechanisms for untraceability. In fact, the
proliferation of these servers can be interpreted as a remedying a
deficiency in news software to easily post anonymous messages. The
idea of routing messages to an intermediate, distant host simply to
remove identifying headers and preserve anonymity, under fragile
trust of the site operator, is clearly awkward, unwieldy, and
unnecessary. That such tortuous paths are taken regularly by many
users and maintained by dedicated and conscientious operators,
despite enormous costs, chores, and headaches, suggests that the
demand is strong, persistent, and permanent---a definite `need'.
U.S. Taboos
-----------
The anonymous server software itself can be run anywhere, but
apparently extremely few system operators have the latitude to run
anonymous services from their connection providers, and the
atmosphere arising from U.S. agency policies and actions may be
generally hostile to these services. These restrictions are
generally somewhat informal and concealed, and fall mostly in the
form ``if a lot of people complain then you aren't allowed to do
it.'' The Internet started as a research network and the tension
between 'serious' scientific aims and informal ones has raged
endlessly since its inception. A global patchwork of network
jurisdictions tends to favor both sides. Pressure can be applied to
local sites that generally are weak in opposition to admonishments.
On the other hand, messages can reach a given destination over a
wide variety of paths where only one is necessary.
Authentication Trends
---------------------
However, the trend in some news software development has moved
toward increasing user validation, suggesting a fundamental
disparity in evolved designer and user expectations. In fact,
Usenet reader and news administrator opinions have been
consistently divided on the issue with those in the former category
largely in favor of the services and unlimited use, while those in
the latter often demanding limited availability or gradual, formal
approaches to introduction (newsgroup readers vote on acceptance).
New proposals to facilitate the use distinctions of `serious,
authenticated articles' and `informal, unverifiable posts' have
emerged, and future Usenet software may integrate these
complementary uses more harmoniously by differentiating them more
explicitly.
_____
<1.6> What is the history behind anonymous servers?
The functions of anonymous posting vs. anonymous remailing are
closely intertwined but on the Internet followed independent lines
of historical development. Anonymous mailing has always been
intrinsic to the internet SMTP mechanisms (Simple Mail Transfer
Protocol). Formalized anonymous remailer functions, including
encryption mechanisms, apparently originate with the Cypherpunk
group started in mid-1992. The function of anonymous remailers has
been compared to a device called the `cheesebox' that was invented
during the Prohibition era in the U.S. Phil Karn
writes: ``The `cheesebox' was a popular
means to thwart telephone call tracing. It connected two lines in
the back of an uninvolved business. It was the conceptual
predecessor of today's anonymous email remailer.''
Originally anonymous posting/reply services (also called Anonymous
Contact Service, ACS), were introduced for individual, particularly
volatile newsgroups, where anonymity is almost the preferred method
of communication, such as talk.abortion and alt.sex.bondage. One
of the first was one by Dave Mack started in ~1988 for
alt.sex.bondage. Another early one was wizvax.methuen.ma.us run by
Stephanie Gilgut (Gilgut Enterprises) but was disbanded due to
lack of funds. The system provided anonymous return addresses.
n7kbt.rain.com (John Opalko) took up the functions of this server,
including reinstating the anonymous alias file. The group
``alt.personals has been chewing through servers like there's no
tomorrow.'' (K. Kleinpaste)
With the introduction of the Clunie and Helsingius servers, the
complementary functions of remailing and posting were unified into
single servers. The idea of pseudonymous posting (the capability
for not just one-way communication but responses and two-way
dialog) carried naturally over to email.
The history of anonymous servers on the internet is strewn with
characters and casualties, particularly with the unprecedented
globally-serving type, which are revolutionary in some aspects and
merely evolutionary (or even stationary) in others. Subsequent
questions address specific aspects of the history of this type of
anonymous server.
HISTORY
=======
_____
<2.1> What happened with the Kleinpaste anonymous server?
Spurred by the disappearance of `wizvax' and interested in
researching the idea, Karl Kleinpaste
developed his own system
from scratch in six hours. By this time the idea of extending the
server to new, more `mainstream' groups was starting to emerge,
and he explored the possibility partly at the specific request by
multiple users for anonymity in other groups. ``The intended
advantage of my system was specifically to allow multiple group
support, with a single anon identifier across all. This was
arguably the single biggest deficiency of previous anon systems.''
K. Kleinpaste posted a message on rec.nude asking users whether an
anonymous service would be welcome there, and judged a consensus
against it.
K. Kleinpaste introduced what he calls a ``fire extinguisher'' to
`squelch' or `plonk' abusive users in response to complaints, and
used this in three cases. Nevertheless, after a few months of
intense traffic he was eventually overwhelmed by the abuses of his
server. ``Even as restricted as it was, my system was subjected to
abuses to the point where it was ordered dismantled by the
facilities staff here. Such abuses started right after it was
created.''
K. Kleinpaste reestablished his server in ~April 1993 with a very
large usage policy forbidding many uses. Mr. Kleinpaste frequently
refers to `abusers' publicly and his guidelines for their removal
or exposure.
Thanks to Carl Kleinpaste
for contributions here.
_____
<2.2> What happened with the Clunie anonymous server?
An innovative anonymous posting system with sophisticated
functionality was set up in Oct. 1992 by D. Clunie
that used PGP software for public-key
cryptography in both directions (to/from) the server to achieve the
highest degree of confidentiality seen so far. However, a major
complaint originating from an unidentified but critical U.S. site
(presumably one involved in the link) in ~Jan 1993 led to an
ultimatum to D. Clunie, forcing him to shut down operation after
only a few months.
The letter alluded to a heavy volume of traffic associated with the
anonymous server, potentially dominating the limited available
communications bandwidth, and elevating its expense beyond the
justifiable (the half circuit cost of the link is reportedly over
$1 million per year). The pax.tpa.com.au site is based in
Australia and the bandwidth of the AARNet Internet link for the
entire continent at the time of the server operation was 500
megabits/sec, roughly half the capacity of local area network
Ethernet connections. Nevertheless Mr. Clunie states that the
``small load on the server never approached `dominating the
bandwidth','' branding that point of the complaint ``largely
theoretical and unsupported by any statistics.''
A part of the letter is as follows (Mr. Clunie quotes the letter
anonymously):
> They allow people all over the internet to send mail through a
> filter that replaces the user's real address with an anonymous
> address on their machine. This results in additional traffic
> (mail going from the US, to Australia, and back to the us, and
> one more time around for replies) on the Pacific link which is
> congested, and it's not clear what legitimate use an anonymous
> mail forwarding facility would have. In other words, it loads up
> the link, and hides people's identities so they can't be
> responsible for what they say. Not the best situation to have.
Commenting on the letter, D. Clunie wrote ``I can't complain about
the traffic issue, though I take exception to the criticism of
anonymous mail forwarding. I was not in a position to argue ... as
my feed site was threatened with disconnection if the service was
not terminated.'' Mr. Clunie later released his software into the
public domain, and comments on the Helsingius server:
Thanks to David Clunie for contributions
here.
_____
<2.3> What happened with the Helsingius server (hiatus, shutdown)?
In ~Nov 1992, Johan Helsingius (julf@penet.FI) set up the most
controversial anonymous site to date. anon.penet.fi is based on
scripts and C code written by K. Kleinpaste and supports anonymized
mail, posting, and return addresses. He initially wanted to confine
the service to Scandinavian users but expanded it to worldwide
accessability in response to 'lots' of international requests.
Mr. Helsingius comments:
> Due to the lawsuit-intensive climate in the US, many anonymous
> services have been short-lived. By setting up anon.penet.fi in
> Finland, I hoped to create a more stable service.
J. Helsingius policy of allowing anonymous posting to every Usenet
newsgroup has been met with strong and serious ideological
opposition (e.g. by news adminstrators in news.admin.policy).
Because of the relative newness and recent emergence of the medium,
abuses by anonymous posters tend to have higher visibility than
``routine'' abuses. His total commitment to preservation of
anonymity is also controversial.
Despite piercingly irate and outraged complaints, and even the vocal
opposition and verbal abuse of K. Kleinpaste and eminent news
operators, J. Helsingius has largely avoided use of the ``fire
extingisher'' and the ``group bouncer'' mechanisms that limit the
scope of the service. As of ~March 1993 the anon.penet.fi site is
best described as `inundated': it has registered over 13,000 users
in its initial three months of operation, forwards ~3000 messages a
day, and approximately 5% of all Usenet postings are anonymized
through the site. The immense popularity is probably largely due
to the capability for `global' anonymity which has allowed users to
find creative uses in diverse areas not previously envisioned.
Based on fast-moving dialogue and creative suggestions by members of
the `cypherpunks' group, J. Helsingius has identified many security
weaknesses and valuable new features for the service, and is
currently in the process of code development and testing. He is
planning on upgrading the IBM compatible 386 machine to a 486 soon
to handle the voluminous load and is considering integrating a new
system with very sophisticated functionality, including multiple
email aliases, alias allocation control, public-key encryption,
etc.
Week-long Hiatus
----------------
Johan Helsingius was subject to extraordinary pressure to dismantle
his server in ~Feb 1993. At one point K. Kleinpaste threatened
publicly to organize a sort of vigilante group of irate news
operators to send out revocation commands on all messages
originating from the site.
> I think I'm feeling especially rude and impolite. If it's good
> for Johan, it's good for me. After all, he didn't ask the
> greater Usenet whether universal anon access was a good idea; he
> just did it. ... Yes, I'm a seriously rude pain in the ass now,
> and I think I'll arm the Usenet Death Penalty, slightly modified,
> not for strategic whole-site attack, but tactical assault, just
> "an[0-9]*@anon.penet.fi" destruction. Only outside alt.*, too,
> let's say.
>
> There are 2 newsadmins ready to arm the UDP. They've asked for my
> code. I haven't sent it yet. Only one site would be necessary to
> bring anon.penet.fi to a screeching halt. Anyone can implement
> the UDP on their own, if they care to. Politeness and good sense
> prevents them from doing so. I wonder how long before one form of
> impoliteness brings on another form.
J. Helsingius has also alluded to receiving threats of flooding
the server. The server has crashed several times, at least once
due to a saturation `mailbombing' through it by an anonymous
user. Mr. Helsingius reports spending up to 5 hours per
day answering email requests alone associated with the service's
administration. In response to the serious threats such as that
above he disabled global group access temporarily for one week and
encouraged his users to defend the service publicly. But he has
generally eschewed public debate on Usenet in general, preferring
that his users publicize and defend it; and news.admin.policy in
particular, stating that he considers it predominantly
representative of the biased interests of news administrators
interested in `centralized control'.
Global Shutdown
---------------
At the end of March 1993 Mr. Helsingius posted a solemn note on
several newsgroups announcing the dismantling of anonymous posting
service from his site (while retaining remailing features), stating
that ``a very well-known and extremely highly regarded net
personality managed to contact exactly the right people to create a
situation where it is politically impossible for me to continue
running the service.'' He also blamed a ``miniscule minority'' of
``immature and thoughtless individuals (mainly users from U.S.
universities),'' for ``abuse of the network'' that ``caused much
aggravation and negative feelings toward the service.'' He noted
that at the time of shutdown the service was forwarding 3500
messages per day on the average from many thousands of users, with
postings to 576 newsgroups, receiving complaints involving postings
from 57 individuals. (anon.penet.fi statistics on number of actual
users are controversial because of the site's `double-blind' system
that automatically anonymizes replies to anonymous messages,
possibly inflating the statistics with irregular or uncommitted
users.)
Mr. Helsingius voiced apologies to ``users on the network who have
suffered from the abusive misuse of the server'' and the ``whole
net community'' for ``keeping a far too low profile on the network,
preferring to deal with the abuse cases privately instead of making
strong public statements,'' regretting the lack of a ``publicly
visible display of policy with regards to the abuse cases.'' At
the same time, he noted that ``I am deeply concerned by the fact
that the strongest opposition to the service... came from network
administrators.''
Shortly after posting his public apology and shutdown notice Mr.
Helsingius reported receiving over 350 messages of ``overwhelming
support'' in favor of resuming the service and 6 against which have
``vastly improved my chances of resuming full operation''.
Currently he has resumed service to a subset of newsgroups. He
expressed his desire to re-establish the full service with
sophisticated new features, commended efforts by other operators to
start their own servers but warned of the policy of some to who
``feel the best way to deal with abusers is to expose them to the
net'' in spite of his own stance that ``public stocks belong to the
middle ages.''
Prominent system operator Jon Noring claimed to
have traded email with the ``well-known and highly regarded net
personality'' Mr. Helsingius cited as paramount in creating a
politically hostile situation to the server. Mr. Noring posted
some edited excerpts from `somebody':
> Despite what you may have heard, I did not play a "major" role --
> I sent one mail message to Julf urging him to shut the service
> down. I did what any other person with knowledge of the net
> might do, too -- I cc'd the administrator of his service
> provider. The shutdown occurred because of some interaction
> between Julf and the admins -- probably aided by mail from other
> objectors. I played no active role in the events.
>
> I am drowning in a backlog of work, so I can't go into all the
> details here, nor am I particularly interested in entering into a
> long debate -- the bandwidth is too low and my time is too
> constrained. I do not believe we have the appropriate technology
> to make an anonymous service work on the net. Furthermore, I
> remain completely unconvinced that there is a legitimate need,
> nor is the level of maturity in the user population sufficiently
> level where it can be effectively used. It may only be a small
> percentage of people who cause the problems, but that is true of
> nearly everything in history.
>
> I am a firm believer in privacy, but that is not the same thing as
> anonymity. Anonymity can be used to violate another's privacy.
> For instance, in recent years, I have had harassing anonymous
> notes and phone calls threatening XXX beause of things I have
> said on the net... I have seen neighbors and friends come under
> great suspicion and hardship because of anonymous notes claiming
> they used drugs or abused children. I have seen too many
> historical accounts of witch-hunts, secret tribunals, and pogroms
> -- all based on anonymous accusations. I am in favor of
> defeating the reasons people need anonymity, not giving the
> wrong-doers another mechanism to use to harass others.
>
> ... any such service is a case of willingness to sacrifice some
> amount of privacy of the recipients to support the privacy of the
> posters. You will not find the recipients of anonymous mail
> being the supporters of such a proposal. If the only people who
> would support the idea are those who might use it, is it proper?
The identity of `somebody' has never been publicly revealed to date
due to the anonymity preserved by Noring, Helsingius, and others.
Thanks to Johan Helsingius for contributions here.
_____
<2.4> What is the ``Helsingius-Kleinpaste Conflict''?
K. Kleinpaste and J. Helsingius were involved in a private and
public schism based on their views of anonymous servers and the
proper role of the operator in management an in many ways is
illustrative of the underlying roots of controversy on the issue.
J. Helsingius was generally in favor of no content-based
restrictions on the server. K. Kleinpaste shut down his server
because of strong revulsion at some of these uses. Mr. Helsingius
increased his control over the server partly in response to
highly-publicized `abuses' and uproar among administrators. Mr.
Helsingius continues his strong commitment to preserving anonymity
in all cases (once hinting in introductory material he would do so
even in the face of a legal warrant), whereas Mr. Kleinpaste has
expressed interest in publicly exposing users he identifies as
abusers. The pair differ in their views on the proper role of
the site administrator's responsibilities toward other site
administrators, with Mr. Helsingius favoring a low-profile policy,
minimal `official' publicity, and independence from other operators
interested in imposing `centralized control'. Mr. Kleinpaste in
contrast favors official announcements of server operations,
publicity of offenses, and compromise on scope and function among
the community consensus of news operators.
The overall issue essentially addresses the role of the anonymous
server operator and degree of control s/he should exercise, with
Mr. Helsingius in favor of virtually no restrictions and minimal
operator intervention, and Mr. Kleinpaste in favor of a wide
variety of restrictions and penalties, perhaps developed with
deference to consensus, but ultimately chosen and administered
under the personal judgement of the site operator. The issue was
historically intensified by Mr. Helsingius' modifications of Mr.
Kleinpaste's software. The conflict is also to a large degree
analogous to views on Usenet operation, with some in favor of an
anarchic, free, decentralized system and others in favor of more
regulated mechanisms to ensure `accountability' and penalize
`abuse'.
Karl_Kleinpaste@cs.cmu.edu (Karl Kleinpaste):
> Funny, how beating the rest of the Usenet over the head with a
> stick is OK if it's anon.penet.fi and universal anon access. But
> somehow people on the other side of the same equation (not even
> arguing to shut it off entirely, but rather just to have some
> control applied to the abuses that manifest themselves) aren't
> allowed to do that.
>
> Why is it that everybody else has to put up with the impoliteness
> and insensitivity of the misuse of anon.penet.fi? Whose
> definitions of "polite" and "sense" apply, and why? Why is
> universal anon access considered to be within the realm of this
> fuzzy concept of "politeness" in the first place?
>
> I think Johan has long since crossed the line into being a rude
> bastard, and I told him so in private mail a little while ago.
>
> At this point, I deeply regret [a] having created an anonymous
> system supporting >1 newsgroup and [b] having given the code to
> Johan. I didn't copyright it, but I thought that some concept of
> politeness and good sense might follow it to new
> homes. Interesting that Johan's ideas of politeness and good
> sense seem to have nearly no interesection with mine. I could
> even cope with universal anon access _if_ Johan would be willing
> to engage in abuse control, but somehow that seems to be outside
> the range of reality...
julf@penet.fi (Johan Helsingius):
> There is no way for me to convey how sad and upset your message
> made me. I do, to some extent, understand your feelings, but it
> still feels really bad. Running the server requires getting used
> to a lot of flames, but mindlessly abusive hate mail is so much
> easier to deal with than something like this, as I do respect and
> value your views and opinions to a high degree. No, I'm not
> asking for sympathy, I just wanted you to know that I am really
> giving your views quite a lot of weight.
>
> When I asked for the software, I was actually only going to
> provide the service to scandinavian users. But a lot of people
> requested that I keep the service open to the international
> community. I now realize that I ought to have contacted you at
> that point to ask how you feel about me using your stuff in such
> a context. Again, I really want to apologise. And I will replace
> the remaining few pieces of code thet still stem from your
> system. Unfortunately there is no way to remove the ideas and
> structure I got from you.
>
> Again, I am really sorry that the results of your work ended up
> being used in a way that you don't approve of. And I will be
> giving a lot of hard thought to the possibility of shutting down
> the server alltogether.
Outside of obvious enmity the debate has largely resulted in
compromises on both sides, with Helsingius refining his initial
universal-group and `hands off' policies and Kleinpaste
re-establishing a server with documented procedures admitting and
warning of subjectivity in the policy and potential consequences.
_____
<2.5> What did the (in)famous Helsingius user an8785 do (pre-Depew)?
In a highly controversial and publicized case in ~Feb 1993, the
anonymous user `an8785' posted a supposed transcript of desperate
crew dialogue during the Challenger shuttle disaster via
anon.penet.fi to sci.astro. Despite that the transcript had been
posted in the same place up to a year earlier (then
non-anonymously) and actually originated not with the poster but a
New York news tabloid, subsequent responses consisted largely of
vociferous outrage at the poster's use of anonymity, reverberating
through many newsgroups. One responder, who also posted anonymously
through anon.penet.fi, claimed to be closely related to family
members of the deceased astronauts, and quite shocked and
devastated by the posting, although the responder's identity cannot
be confirmed and the statement could have been invented by an8785's
enemies to embarrass and humiliate an8785.
The original poster, under the same anonymous handle, later conceded
that the story ``seemed likely to have been fabricated,''
suggesting the plausible possibility that the original intent was
not to provoke outrage but gauge reactions on the authenticity of
the story (albeit crudely), free of personal risk from perceived
association with the item. The ensuing commotion generated queries
for the original article by late-entering readers. The anonymous
user later posted deliberately offensive comments at his
detractors, saying they were the kind that "couldn't see the humor
in childhood leukemia" and should "get a life---get 7! ha ha!"
(Thanks to an8785@anon.penet.fi for contributions here.)
_____
<2.6> What happened between (in)famous user an8785 and R. Depew?
an8785 posted the address of the supervisor of site operator R.
Depew, inviting Usenet readers to register complaints in response
to the latter's threat (later carried out) to issue commands to
globally cancel anonymous messages on Usenet. Reaction was very
hyper and divided as some commended an8785 for a `strictly factual
post', others calling the posting a blatant example of anonymous
cowardice, some suggesting that an8785's actions were directly
analogous to the heated calls to pressure site operators of abusers
pursued earlier by anonymity foes (as e.g. by Depew), others
claiming the situation was wholly dissimilar, with still others
remarking on the irony that Depew would be protected by anonymity,
suggesting its prime use is the protection from accusations from
other anonymous users, and finally R. Depew asserting that an8785's
actions were illegal harrassment under U.S. laws and fanatically
but unsuccessfully attempting to pry the secret of the individual's
identity from J. Helsingius.
In a somewhat bizarre coincidence and convergence of many historical
elements, Mr. Depew at one point accused J. Helsingius, ``someone
who would have a motive to cause me as much trouble as possible,''
of being an8785:
> You (and most USENET readers)
>
> have seen the cowardly postings by "an8785" calling on readers to
> contact the chairman of my department and the director of
> computer services at my institution by mail or phone to complain
> about me.
>
> You may also have seen (though it was easy to miss) a weak apology
> from this same user, who, despite the apology, has refused to
> cancel these deeply offensive postings which remain scattered
> about in who-knows-how-many newsgroups.
>
> You have also seen a few posters challenge "an8785" to reveal his
> identity. This person has *some* sense of honor... else he would
> not have posted his weak apology... but his sense of
> self-preservation clearly overrides his sense of honor.
>
> You may also have seen other posters calling upon Julf,
> admin@anon.penet.fi to reveal the identity of this cowardly
> anonymous poster. Has he complied? Of course not. Is he even
> willing to show his face in this newsgroup to explain why? Of
> course not.
>
> I have a strong suspicion as to the identity of "an8785". Someone
> who would have a motive to cause me as much trouble as possible.
>
> Someone who would *know* that Julf would never reveal his
> identity. J'accuse Johan Helsingius, aka "Ze Julf", of being none
> other than the despicable "an8785".
>
> If Johan remains silent, my case is closed.
>
> The only evidence to the contrary that I will accept will be the
> true identity of "an8785"
>
> Julf - I challange you to prove my accusation against you is false.
In commenting on the posting Felix Gallo wrote
``Such brilliance has never before crossed the path of Usenet.''
Mr. Depew was not simply attempting to provoke a revelation from
Julf by false accusations, but by genuine suspicion and conviction,
as evidenced by a later post:
> Fellow net-citizens. My "J'accuse" postings must have struck a
> raw nerve. I present to you the following attempt to blackmail
> me.
>
> Carefully note the time-frame that is mentioned. Anyone who has
> used the anon-server knows that there is a long delay in relaying
> messages if they go back-and-forth. The only way 10 minutes
> could be possible were if it were a one-way trip. Who is the
> only person for whom a one-way trip is possible?
Mr. Helsingius disabled the an8785 account after the Depew address
posting but continued to keep the identity secret. To this date
the exact identity of an8785 is still a mystery with Mr. Helsingius
preserving anonymity.
See also the ``Depew ARMM'' questions.
_____
<2.7> What was the Depew-ARMM Censorship Incident?
In mid-March 1993 the news adminstrator Dick Depew, who had been
writing disapproving notes on global anonymity on news.admin.policy
specifically attacking Johann Helsingius' policy, announced that he
had invented software dubbed ARMM, standing for Automatic
Retroactive Minimal Moderation. As originally envisioned and
designed, the program was to send out `cancel' messages targeting
anonymous posts. Mr. Depew as a news administrator had the
capability of sending `cancel' commands using mechanisms not
available to regular Usenet users.
Responding to Dave Hayes' and others' objections, Mr. Depew wrote:
> I am testing a shell script to carry out "Automated Retroactive
> Minimal Moderation" in response to Julf's (and your) suggestion
> that the only way to control anonymous posting to groups that
> don't want it is through moderation. It cancels articles posted
> from anon.penet.fi. I've tested it on recycled postings with a
> "local" distribution and it works nicely. I propose to arm
> "ARMM" with an unrestricted distribution for the "sci" hierarchy
> this weekend if Julf doesn't accept the proposed compromise or a
> reasonable alternative by then.
>
> The best time to put out a fire is while it is still small. :-)
One-time anonymous server operator D. Clunie
voiced some of the most vehement and vocal
opposition to carrying out the plan:
> I really think you are getting carried away with a non-issue here,
> and inflamming the situation is going to make you extremely
> unpopular ...
>
> I think I will probably just turn off response to cancel messages
> totally if you go ahead with this scheme, and I encourage other
> news administrators to do the same ... they were a bad kludge in
> the first place and still are. It seems to me they are rarely
> used for other than controversial purposes like you are proposing
> (I don't like other people's postings so I won't let anyone else
> read them).
Richard Depew :
> Controversial, sure, but my reason for activating the Automated
> Retroactive Minimal Moderation script, if Julf remains unwilling
> to accept any compromise, is simply to demonstrate that the
> status quo with regards to anonymous postings from a particular
> site *can* be effectively enforced.
>
> You may not like my "Automated Retroactive Minimal Moderation"
> script, but you must at least admit that it is simply an
> automated version of moderation - a well-accepted practice in
> newsgroups that want to keep an acceptable signal/noise ratio.
>
> There shouldn't be much controversy over this, but there will be
> anyhow. :-)
D. Clunie :
> There should be and there will be ... you are way out of line here
> Richard, regardless of how many smileys you tack on the end of
> your message.
Richard Depew :
> No. It is Julf who is way out of line here... and has been for
> four months, now. He has finally met someone who has gotten fed
> up with his silly game, and is willing to call his bluff.
Under the Depew scheme message cancellations were to be accompanied
by a letter to the anonymous target containing Mr. Depew's views on
the controversy of anonymous posting and justifications for his
unilateral measure, with the overall effect of ``restoring the
pre-Julf status quo.'' (This measure apparently was in response to
objections from administrators that the cancelling scheme was
concealed from the posters.) In the message Mr. Depew writes
further: ``Rest assured that there is nothing personal in this. I
have not read your postings, and I have no reason to believe that
they were out of line in any way other than being anonymous.''
> Julf has not accepted the principle of compromise on the issue of
> the default setting for his server for technical newsgroups.
> Thus, ARMM, the "Automated Retroactive Minimal Moderation"
> script, has been activated ...
>
> I apologize in advance for any inconvenience this may cause you.
> My argument is with Julf and is about the default setting for
> entire hierarchies; it is not with you or your particular
> postings.
After Mr. Depew started the program it proceeded to cancel two
Usenet messages originating from the anon.penet.fi server. After
Mr. Depew activated it, and in response to his threats, the
controversial an8785 behind the Challenger story posted Mr. Depew's
address of employment and the name and phone number of his
supervisor (obtained from unidentified sources) and called for
people to complain of his assault.
While the previous outcry on news.admin.policy over anon.penet.fi
policy was enough to enlarge traffic in the group many times, the
first `Depew episode' triggered phenomenal outcry, condemnation,
and character `assassination' against Mr. Depew in hundreds of
messages, by many who had been `lurking' in the previous debate
but, while doubtful of the true value of anon.penet.fi, were
uniform and unequivocal in their intolerance for Mr. Depew's
actions, frequently referred to as inherently destructive to the
spirit of Usenet, and equivalent to `censorship' or `terrorism' via
illegitimate (`forged') cancel commands. Many news operators
expressed the intent to adjust their software to ignore any such
directives.
Mr. Depew objected to references of his intent or effect of
`censorship' and sent email to posters stating that the subject
``RICHARD DEPEW imposes automated CENSORSHIP on the Net'' was
libelous and asked them to cancel their articles. ``My "civil
disobedience" had nothing to do with censorship. You have simply
fallen for the lie of an anonymous slanderer.''
Some apologists such as J. Maynard defended Mr. Depew's actions and
maintained that his approach was not unacceptable considering the
circumstances and that the fault lay in inadequate `testing'.
Catherine Anne Foulston wrote ``It's a form of
vandalism, perhaps sabotage, and it's obnoxious, but it is not
censorship.'' Nevertheless under the firestorm of outrage Mr.
Depew withdrew the program after a very short time (less than
several hours).
Thanks to Richard Depew for
contributions here.
_____
<2.8> What was the Second Depew-ARMM Fiasco?
Eerily and pathetically close to a date of April 1 1993 Mr. Depew
employed a revised version of the ARMM program intended to kill and
repost anonymous messages with reformatted headers and a notice
``Automated Retroactive Minimal Moderation (tm) by ARMM5. Press 'n'
to skip.'' replacing the beginning of the message. Many news
operators expressed grave concerns over this new scheme, and
criticized him scathingly for breaking promises of leaving the
overall concept alone. Mr. Depew decided to run the program only on
his own postings to demonstrate its utility and harmlessness.
After invoking the ARMM 2 version, however, the program quickly
became trapped in an infinite loop of `readjusting'
already-tampered messages, creating a new message to the
news.admin.policy group every time. The barrage exploded to about
180 messages over a period of a few hours before Depew was
contacted over the phone by some news administrators and he halted
the program. Subject headers in each message grew after each
iteration to the point that late messages in the thread tended to
crash some newsreaders and possibly even some servers. Some
readers compared the effect to the Morris Internet Worm incident
although the scale (while global) was far less.
In commemoration of the momentous event, perhaps best summarized
as `painfully hilarious', Joel Furr wrote an
entry for a future encyclopedia of Usenet history and hacker
culture:
> :ARMM: n. A USENET posting robot created by Dick Depew of Munroe
> Falls, Ohio. Originally intended to serve as a means of
> controlling posts through anon servers (see also {anon
> servers}). Transformed by programming ineptitude into a monster
> of Frankenstein proportions, it broke loose on the night of March
> 31, 1993 and proceeded to spam news.admin.policy with something
> on the order of 200 messages in which it attempted, and failed,
> to cancel its own messages. This produced a recursive chain of
> messages each of which tacked on:
>
> * another "ARMM:" onto the subject line
> * a meaningless "supersedes" header line
> * another character in the message id (producing message ids
> several lines long)
> * a ^L
>
> This produced a flood of messages in which each header took up
> several screens and each message id got longer and longer and
> longer and each subject line started wrapping around five or six
> times. ARMM was accused of crashing at least one mail system
> and inspired widespread resentment among those who pay for each
> message they have downloaded.
Included for posterity are a few sentiments from an involved
analysis of the problem by Richard E. Depew
:
> You have undoubtedly noticed the flood of ARMM posts that I caused
> last night.
>
> I offer my deepest apologies for this flood. I messed up badly. I
> made mistakes in both implementation and testing. That was truly
> bone-headed implementation error!
>
> I seem to have a real talent for spectacular screw-ups!
>
> I agree, though, that my fate is richly deserved. The net loony
> bin seems to be the safest place for me right now.
>
> Thanks for your understanding. It was an honest mistake.
Francisco X DeJesus :
> Yes, I noticed. Everyone on USENET noticed. Even some people who
> never read news heard the laughter of those who do and noticed.
>
> This whole deal is one of those things that's so sad, it's funny.
> Like the story you posted of the driver going to make a wrong
> turn and giving you the finger... you are that driver, and we are
> all trying to tell you you are heading in the wrong direction.
> However, unlike the driver in your story, you never turn, going
> the wrong way onto oncoming traffic instead. Well, at least the
> crash made the evening news and everyone will know your name now.
_____
<2.9> What was Richard Depew's inspiration for ARMM?
Experts are sharply divided on the issue of the true inspiration for
ARMM, perhaps stemming largely from Mr. Depew's own convoluted,
contradictory, imaginative accounts of his motivations. Mr.
Depew at first wrote of developing the software in direct response
to J. Helsingius' server:
> Julf's anonymous server seems to me to be contributing to the
> erosion of civility and responsibility that have been the
> hallmarks of the more traditional parts of USENET. More than
> that, Julf has refused to even discuss a compromise to his
> position that all hierarchies should be open, by default, to his
> server.
>
> I think it *is* important to demonstrate that USENET *does* have a
> defense against a self-styled cyberpunk who refuses to cooperate
> with the rest of the net. Whether USENET can find the *will* to
> oppose him remains an open question. I simply intend a brief
> demonstration of one defense mechanism.
Later however increasingly Mr. Depew's postings came to reveal a
basic preoccupation and fascination with the ARMM concept in
itself, irrespective of any supposed violations of `netiquette' on
the part of J. Helsingius. For example, in one long and rambling
message he built up an extended metaphor between the presence of
anonymous servers on Usenet with pathogenic viruses and a
laboratory biology experiment:
> I went into the lab to look for an anti-pathogen that would
> inhibit the growth of the pathogen. I found one -- the Usenet
> Death Penalty. This was clearly dangerous stuff, so I tried to
> attenuate it -- to improve its therapeutic index.
>
> The UDP was designed to totally eradicate postings from a given
> site from all of USENET. I didn't want to do that -- I only
> wanted to protect the part I valued most highly -- the brain. So
> I attenuated the UDP so it would only affect the "sci" hierarchy.
Apparently alluding to the initial ARMM operation and the ensuing
uproar, Mr. Depew wrote:
> The clinical trial was successful, at least in temporarily
> eradicating the pathogen from the patient's brain, but the
> patient unexpectedly suffered a severe allergic reaction, so I
> halted the test out of compassion.
Nevertheless he remained visibly enamored with the intrinsic idea of
cancelling or `filtering' posts. In fact, no posting originating
from him has *ever* expressed unequivocally abandoning the project.
As time passed after the incident his postings became increasingly
abstract and in one supplied an extended, abstruse metaphor
representing his overall experience:
> Friends,
>
> While driving to work through heavy fog, I became engaged in a
> little incident that struck a chord of recognition.
>
> Apparently the driver of the auto in front of me didn't see the
> sign, perhaps because the fog was so thick. He stopped at the
> bottom of the off-ramp with his left indicator still blinking,
> and with his vehicle angled to the left as if he were *really*
> intent on making a left turn into two lanes of oncoming traffic
> in thick fog.
>
> Worried that a serious accident might result from this mistake, I
> pulled up close to his rear bumper and honked my horn at him,
> twice, and activated my *right* turn indicator.
>
> The driver looked into his rear-view mirror and "gave me the
> finger".
>
> However, he must have subsequently noticed either my turn-signal
> or the "one-way" sign, because he activated his right signal and
> made a right turn, safely.
>
> Why am I posting this incident to news.admin.policy? Gee, I don't
> know... perhaps I confused this group with
> rec.autos.driving. :-)
Finally, to the morbid embarrassment of a noted early cyberspatial
period historian, Mr. Depew eventually wrote:
> I have received many inquiries into the inspiration for the
> Automated Retroactive Minimal Moderation script (ARMM), usually
> of the form:
>
> "How the #### did you ever come up with such a hair-brained(sic)
> idea?".
>
> I may have answered curtly, but I was secretly flattered at the
> idea of having hair on top, again. It certainly beats
> bunny-droppings!
>
> For the long answer to this question, I refer you to the FAQ on
> privacy and anonymity compiled by "L.". "L." has done a
> commendable job of recording both sides of the debate, and you'll
> hardly notice that he so alphabetically-challenged that he can't
> remember how to spell his first name. It's probably because he
> just cribs from the rest of us.
>
> Astonishingly, this document has recorded the writings of my
> muses!
* * *
This is Part 1 of the Anonymity FAQ, obtained via anonymous FTP to
rtfm.mit.edu:/pub/usenet/news.answers/net-anonymity/ or newsgroups
alt.privacy, alt.answers, news.answers every 21 days.
Written by L. Detweiler .
All rights reserved.